WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

CVE-2026-56045

The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (

Exploit for SQL Injection in Valvepress Automatic

This is a PoC exploit for CVE-2024-27956, a vulnerability in the...

EUVD-2025-25809

Malicious code in bioql PyPI...

CVE-2025-6247

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and...

CVE-2025-6247

CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (

WordPress plugin WordPress Automatic Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-34750 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions prior to 3.118.0 Description: The WordPress Automatic Plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of its functions. This allows...

CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...

WordPress plugin WordPress Automatic Plugin 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-25182 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions up to 3.115.0 Description: The WordPress Automatic Plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file. This allows authenticated attackers with...

Exploit for SQL Injection in Valvepress Automatic

🛑CVE-2024-27956-for-fscan Thanks for the PoC by diego-tella...

WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Automatic Translation versions = 1.0.4...

WordPress Automatic plugin <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by haidv35 in WordPress Plugin Automatic versions = 3.94.0...

WordPress Automatic Plugin <= 3.94.0 is vulnerable to Cross Site Scripting (XSS)

Software Automatic Type Plugin Vulnerable versions = 3.94.0 Fixed in 3.95.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4849 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c71dc29444f6 Credits haidv35 Required privilege...

CVE-2024-4849

CVE-2024-4849 (WordPress Automatic Plugin) is a Stored XSS in the WordPress Automatic Plugin for WordPress, affecting all versions up to 3.94.0 due to insufficient input sanitization and output escaping in the autoplay parameter. Exploitation requires authenticated access at Contributor level or ...

WordPress Plugin WordPress Automatic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-33126 · WordPress · Wordpress Automatic Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 Description: The issue is related to Stored Cross-Site Scripting via the autoplay parameter due to insufficient input sanitization and output escaping. This...